philipp.kocher at gmx.net
Wed Dec 2 02:49:37 EST 2009
Hi Ed, Martin
What is the plan for the Fedora 11 build for XO-1, will OLPC sign such a
build or is 802 the last build signed by OLPC?
I don't think one of the two options is a good solution for small
deployments without a tech team.
I think for the case of Cambodia with many small deployments
(educational NGOs got XOs donated from G1G1/OLPC or other donors), no
signed builds probably means that the XOs don't get updated anymore.
On 12/01/2009 08:04 PM, Ed McNierney wrote:
> Philipp -
> An OS image signed by OLPC can be booted by any XO-1.0 laptop in the world, except for those which have been reconfigured by a deployment to only respect software signed by other security keys. That implies a higher level of testing and certification than an image that can be selectively adopted by specific deployments who can do their own testing to decide whether that release is suitable for their application. As OLPC's deployments grow both in number of total laptops deployed and in the number of different localities supported, it becomes increasingly burdensome / difficult to package and test One Image to Boot Them All worldwide.
> As Martin points out, we are continuing to try to move users toward either (a) using machines with boot-image security disabled, so they can run any software, or (b) using locally-developed and locally-maintained signature authorities to sign OS images for secure boot in local deployments.
> - Ed
> On Dec 1, 2009, at 4:14 AM, Philipp Kocher wrote:
>>> - It won't be signed by OLPC. You have to be on an unlocked XO, or be
>>> a deployment signing your own builds.
>> Is there a reason why 8.2.2 doesn't get signed by OLPC?
>> I do understand that the main target group are big deployments which can
>> sign the build, but why are others excluded?
>> In the past even release candidates like build 800 got signed by OLPC.
>> Cheers Philipp
>> Devel mailing list
>> Devel at lists.laptop.org
More information about the Devel